mediawiki-l-bounces(a)lists.wikimedia.org wrote on 06.10.2010 17:27:02:
> My impression regarding A) is, that the LDAP-extension-plugin does not
> support cleartext communication with the LDAP-server out of the box, so
> unless you explicitly set the option to use cleartext, you will be safe.
> Am I right?
The default is LDAP via StartTLS, and it is enforced. You can change
to LDAPS or cleartext LDAP, if you so choose.
Secure out of the box. Well designed :-) Thanks for reassuring.
[...]
I believe there is a way to do this. You'll need to make sure your
cookies are marked as secure, and the web server ensures that login
pages are forced SSL. There used to be a configuration hack, but it
looks like the documentation is no longer on mediawiki.org. I'd find
it in the history, but it may be gone for a reason.
I used the extension promoted by Daniel Barret in his reply to my post. As
far as I understood the source code, it does exactly what you describe
here. And it works like a charm.
- Ryan Lane
Thank you Ryan and Daniel!
CU
Arnd